Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-15596

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-18 Oct, 2017 | 08:00
Updated At-05 Aug, 2024 | 19:57
Rejected At-
Credits

An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) because of lock mishandling upon detection of an add-to-physmap error.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:18 Oct, 2017 | 08:00
Updated At:05 Aug, 2024 | 19:57
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) because of lock mishandling upon detection of an add-to-physmap error.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.debian.org/security/2017/dsa-3969
vendor-advisory
x_refsource_DEBIAN
https://xenbits.xen.org/xsa/advisory-235.html
x_refsource_CONFIRM
http://www.securitytracker.com/id/1039568
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.debian.org/security/2017/dsa-3969
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://xenbits.xen.org/xsa/advisory-235.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id/1039568
Resource:
vdb-entry
x_refsource_SECTRACK
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.debian.org/security/2017/dsa-3969
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://xenbits.xen.org/xsa/advisory-235.html
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id/1039568
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.debian.org/security/2017/dsa-3969
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://xenbits.xen.org/xsa/advisory-235.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id/1039568
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:18 Oct, 2017 | 08:29
Updated At:20 Apr, 2025 | 01:37

An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) because of lock mishandling upon detection of an add-to-physmap error.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.06.0MEDIUM
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Primary2.04.9MEDIUM
AV:L/AC:L/Au:N/C:N/I:N/A:C
Type: Primary
Version: 3.0
Base score: 6.0
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 4.9
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CPE Matches
Xen Project
xen
>>xen>>4.4.0
cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.4.0
cpe:2.3:o:xen:xen:4.4.0:rc1:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.4.0
cpe:2.3:o:xen:xen:4.4.0:rc2:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.4.0
cpe:2.3:o:xen:xen:4.4.0:rc3:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.4.0
cpe:2.3:o:xen:xen:4.4.0:rc4:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.4.0
cpe:2.3:o:xen:xen:4.4.0:rc5:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.4.0
cpe:2.3:o:xen:xen:4.4.0:rc6:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.4.1
cpe:2.3:o:xen:xen:4.4.1:*:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.4.1
cpe:2.3:o:xen:xen:4.4.1:rc1:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.4.1
cpe:2.3:o:xen:xen:4.4.1:rc2:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.4.2
cpe:2.3:o:xen:xen:4.4.2:*:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.4.2
cpe:2.3:o:xen:xen:4.4.2:rc1:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.4.2
cpe:2.3:o:xen:xen:4.4.2:rc2:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.4.3
cpe:2.3:o:xen:xen:4.4.3:*:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.4.3
cpe:2.3:o:xen:xen:4.4.3:rc1:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.4.4
cpe:2.3:o:xen:xen:4.4.4:*:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.5.0
cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.5.0
cpe:2.3:o:xen:xen:4.5.0:rc1:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.5.0
cpe:2.3:o:xen:xen:4.5.0:rc2:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.5.0
cpe:2.3:o:xen:xen:4.5.0:rc3:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.5.0
cpe:2.3:o:xen:xen:4.5.0:rc4:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.5.1
cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.5.1
cpe:2.3:o:xen:xen:4.5.1:rc1:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.5.1
cpe:2.3:o:xen:xen:4.5.1:rc2:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.5.2
cpe:2.3:o:xen:xen:4.5.2:*:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.5.3
cpe:2.3:o:xen:xen:4.5.3:*:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.5.4
cpe:2.3:o:xen:xen:4.5.4:*:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.5.5
cpe:2.3:o:xen:xen:4.5.5:*:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.6.0
cpe:2.3:o:xen:xen:4.6.0:*:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.6.0
cpe:2.3:o:xen:xen:4.6.0:rc1:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.6.0
cpe:2.3:o:xen:xen:4.6.0:rc2:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.6.0
cpe:2.3:o:xen:xen:4.6.0:rc3:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.6.0
cpe:2.3:o:xen:xen:4.6.0:rc4:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.6.0
cpe:2.3:o:xen:xen:4.6.0:rc5:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.6.1
cpe:2.3:o:xen:xen:4.6.1:*:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.6.2
cpe:2.3:o:xen:xen:4.6.2:*:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.6.3
cpe:2.3:o:xen:xen:4.6.3:*:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.6.4
cpe:2.3:o:xen:xen:4.6.4:*:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.6.5
cpe:2.3:o:xen:xen:4.6.5:*:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.6.6
cpe:2.3:o:xen:xen:4.6.6:*:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.7.0
cpe:2.3:o:xen:xen:4.7.0:*:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.7.0
cpe:2.3:o:xen:xen:4.7.0:rc1:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.7.0
cpe:2.3:o:xen:xen:4.7.0:rc2:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.7.0
cpe:2.3:o:xen:xen:4.7.0:rc3:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.7.0
cpe:2.3:o:xen:xen:4.7.0:rc4:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.7.0
cpe:2.3:o:xen:xen:4.7.0:rc5:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.7.0
cpe:2.3:o:xen:xen:4.7.0:rc6:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.7.1
cpe:2.3:o:xen:xen:4.7.1:*:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.7.2
cpe:2.3:o:xen:xen:4.7.2:*:*:*:*:*:*:*
Xen Project
xen
>>xen>>4.7.3
cpe:2.3:o:xen:xen:4.7.3:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-400Primarynvd@nist.gov
CWE ID: CWE-400
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.debian.org/security/2017/dsa-3969cve@mitre.org
N/A
http://www.securitytracker.com/id/1039568cve@mitre.org
Third Party Advisory
VDB Entry
https://xenbits.xen.org/xsa/advisory-235.htmlcve@mitre.org
Mitigation
Patch
Vendor Advisory
http://www.debian.org/security/2017/dsa-3969af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1039568af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://xenbits.xen.org/xsa/advisory-235.htmlaf854a3a-2127-422b-91ae-364da2661108
Mitigation
Patch
Vendor Advisory
Hyperlink: http://www.debian.org/security/2017/dsa-3969
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1039568
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://xenbits.xen.org/xsa/advisory-235.html
Source: cve@mitre.org
Resource:
Mitigation
Patch
Vendor Advisory
Hyperlink: http://www.debian.org/security/2017/dsa-3969
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1039568
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://xenbits.xen.org/xsa/advisory-235.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mitigation
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

115Records found
CVE-2012-0879
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 2.21%
||
7 Day CHG~0.00%
Published-17 May, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context.

Action-Not Available
Vendor-n/aSUSECanonical Ltd.Linux Kernel Organization, IncDebian GNU/Linux
Product-linux_enterprise_serverubuntu_linuxlinux_enterprise_high_availability_extensiondebian_linuxlinux_enterprise_desktoplinux_kerneln/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2012-0810
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.69%
||
7 Day CHG~0.00%
Published-12 Feb, 2020 | 13:14
Updated-06 Aug, 2024 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The int3 handler in the Linux kernel before 3.3 relies on a per-CPU debug stack, which allows local users to cause a denial of service (stack corruption and panic) via a crafted application that triggers certain lock contention.

Action-Not Available
Vendor-Linux Kernel Organization, IncThe Linux Foundation
Product-linux_kernelLinux kernel
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2012-0058
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 20.01%
||
7 Day CHG~0.00%
Published-17 May, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kiocb_batch_free function in fs/aio.c in the Linux kernel before 3.2.2 allows local users to cause a denial of service (OOPS) via vectors that trigger incorrect iocb management.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2011-2689
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.10% / 27.48%
||
7 Day CHG~0.00%
Published-28 Jul, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of service (BUG and system crash) by arranging for all resource groups to have too little free space.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.
Product-linux_kernelenterprise_linux_desktopenterprise_linux_serverenterprise_linux_workstationn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2011-2491
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.05% / 14.93%
||
7 Day CHG~0.00%
Published-01 Mar, 2013 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux kernel before 3.0 allows local users to cause a denial of service (system hang) via a LOCK_UN flock system call.

Action-Not Available
Vendor-n/aRed Hat, Inc.Linux Kernel Organization, Inc
Product-linux_kernelenterprise_linux_serverenterprise_linux_desktopenterprise_linux_workstationn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2011-2918
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 25.07%
||
7 Day CHG~0.00%
Published-24 May, 2012 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service (system hang) via a crafted application.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2011-1083
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.18% / 40.11%
||
7 Day CHG~0.00%
Published-03 Apr, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.

Action-Not Available
Vendor-n/aRed Hat, Inc.Linux Kernel Organization, IncSUSE
Product-linux_kernellinux_enterprise_serverenterprise_linux_workstationenterprise_linux_serverenterprise_linux_desktoplinux_enterprise_desktopn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2011-1474
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.14% / 35.39%
||
7 Day CHG~0.00%
Published-26 Dec, 2019 | 18:44
Updated-06 Aug, 2024 | 22:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A locally locally exploitable DOS vulnerability was found in pax-linux versions 2.6.32.33-test79.patch, 2.6.38-test3.patch, and 2.6.37.4-test14.patch. A bad bounds check in arch_get_unmapped_area_topdown triggered by programs doing an mmap after a MAP_GROWSDOWN mmap will create an infinite loop condition without releasing the VM semaphore eventually leading to a system crash.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2011-0999
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.11% / 30.62%
||
7 Day CHG~0.00%
Published-23 Feb, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mm/huge_memory.c in the Linux kernel before 2.6.38-rc5 does not prevent creation of a transparent huge page (THP) during the existence of a temporary stack for an exec system call, which allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact via a crafted application.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2010-3858
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.16% / 37.43%
||
7 Day CHG~0.00%
Published-30 Nov, 2010 | 21:19
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The setup_arg_pages function in fs/exec.c in the Linux kernel before 2.6.36, when CONFIG_STACK_GROWSDOWN is used, does not properly restrict the stack memory consumption of the (1) arguments and (2) environment for a 32-bit application on a 64-bit platform, which allows local users to cause a denial of service (system crash) via a crafted exec system call, a related issue to CVE-2010-2240.

Action-Not Available
Vendor-n/aCanonical Ltd.Linux Kernel Organization, IncDebian GNU/Linux
Product-linux_kerneldebian_linuxubuntu_linuxn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2010-4243
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.19% / 41.59%
||
7 Day CHG~0.00%
Published-22 Jan, 2011 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an "OOM dodging issue," a related issue to CVE-2010-3858.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2010-4249
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.10% / 28.31%
||
7 Day CHG~0.00%
Published-29 Nov, 2010 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system calls for SOCK_SEQPACKET sockets.

Action-Not Available
Vendor-n/aFedora ProjectLinux Kernel Organization, Inc
Product-linux_kernelfedoran/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2010-3698
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.10% / 27.92%
||
7 Day CHG~0.00%
Published-26 Nov, 2010 | 18:23
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The KVM implementation in the Linux kernel before 2.6.36 does not properly reload the FS and GS segment registers, which allows host OS users to cause a denial of service (host OS crash) via a KVM_RUN ioctl call in conjunction with a modified Local Descriptor Table (LDT).

Action-Not Available
Vendor-n/aFedora ProjectLinux Kernel Organization, Inc
Product-linux_kernelfedoran/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-25252
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 19.83%
||
7 Day CHG~0.00%
Published-03 Mar, 2021 | 15:43
Updated-03 Aug, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.

Action-Not Available
Vendor-Linux Kernel Organization, IncNovellELAN Microelectronics CorporationNetApp, Inc.Microsoft CorporationTrend Micro IncorporatedApple Inc.
Product-deep_securityscanmail_for_ibm_dominoserverprotectserverprotect_for_network_appliance_filersworry-free_business_securityofficescanscanmailsafe_lockmacoscloud_edgenetwareportal_protectinterscan_messaging_security_virtual_applianceinterscan_web_security_virtual_appliancecluster_data_ontaplinux_kerneldeep_discovery_email_inspectordeep_discovery_inspectordeep_discovery_analyzerserverprotect_for_storageapex_onewindowscontrol_managerapex_centralcelerra_network_attached_storageTrend Micro Virus Scan API (VSAPI) Engine
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2016-9039
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-6.2||MEDIUM
EPSS-0.07% / 22.99%
||
7 Day CHG~0.00%
Published-31 Jan, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable denial of service exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploited this will result in memory exhaustion, resulting in a full system denial of service.

Action-Not Available
Vendor-joyentJoyent
Product-smartosSmartOS
CWE ID-CWE-400
Uncontrolled Resource Consumption
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found